Stop Phishing Scams

The Latest Phishes Sent to Penn Staters

IT Admin Desk

by

This phish used a compromised Penn State Access Account to be sent, and put another Penn State address in the “To” field. It claims that Penn State is moving its email to a new system โ€“ TODAY. If and when Penn State makes a major change to its email system, there will be announcements made months in advance of the change to alert everyone of the plan and the cut-over date. The link in this message goes to a jimdo.com site with the Penn State academic seal on a form used to collect user IDs and passwords. The message also includes a threat of one’s account being made “inactive” if not updated โ€“ another sure sign of a phishing message.

Phishing message from 5/16/2016 at 10:09 a.m.

From: “XXXXX XXXXX” <xxxxxxx@psu.edu>
To: xxxx@psu.edu
Sent: Monday, May 16, 2016 10:09:00 AM
Subject: IT Admin Desk

Today Monday 16th May, 2016. we are upgrading our email system to Microsoft Outlook Webaccess 2016. This service creates more space and easy access to email. Please update your account by clicking on the link below and fill information for activation.

Click for Activation (<- Links to a bogus form on a jimdo.com site)

Inability to complete the information will render your account inactive.
Thank you.
IT Admin Desk

Dear User

by

This phish used a compromised Penn Stater’s Access Account to be sent, but such a message would never be sent from an individual’s email address if it were legitimate. The link in the message goes to a jimdo.com address and uses Penn State’s academic seal on a form for collecting user IDs and passwords.

Phish from 5/16/2016 at 10:03 a.m.

From: “XXXXX XXXXX” <xxxx@psu.edu>
To: msn@e.microsoft.com
Sent: Monday, May 16, 2016 10:03:15 AM
Subject: Dear User

Due to recent upgrades on our servers Your 5 (Five) incoming Emails are on hold. Please validate below to retrieve your email
click RESET (<- Links to a bogus form requesting your user ID and password) to retrieve your email.
We are sorry for the inconvenient.
With best regards
IT HELP DESK

Notice From Admin To Everyone..

by

This phish makes reference to student performance, perhaps in an effort to scare those who are concerned about their grades. However, the generic greeting and “To” address, along with the horrendous grammar, are big tip-offs that this is a phishing message. The link, if clicked, goes to a forged WebAccess page that allows the scammers to collect user IDs and passwords for later use.

Phish from 5/15/2016 at 10:22 a.m.

From: “Penn State University” <noreply@psu.securemin>
To: “Recipients” <noreply@psu.securemin>
Sent: Sunday, May 15, 2016 10:22:22 AM
Subject: Notice From Admin To Everyone..

Dear Valued Student,

About your last year performance,we hope you did change this time around and make sure to update this informations given to you:-

UPDATE_INFO (<- Link goes to a forged WebAccess login page)

Penn State Management.

Attention PSU Domain User

by

This phish references psu.edu, but the linked Google form features the seal from Pangasinan State University in the Phillipines. Aside from that, the “from” address has nothing to do with Penn State, and the poor grammar and vagueness of the message are clear tip-offs that this is a phish. Even the linked Google form states “Never submit passwords through Google Forms.”

Phish from 5-13-2016 at 1:22 p.m.

From: “Fadi Suboh” <xxxxx@xxxxx.xxx>
Sent: Friday, May 13, 2016 1:22:04 PM
Subject: Attention PSU Domain User

Attention PSU Domain User,

Kindly Update your psu.edu Email account on our School Domain, Latest Virus threat has been detected on our Data-base and all users on our domain are required to Click Here (<- links to a Google form with the Pangasinan State University seal) and fill the required information

Thanks
Administrator

Penn State: Review of all accounts

by

This phish provides a link to a forged Penn State WebAccess login page. The traits that give it away as a phish are the generic greeting and “To:” name, as well as the poor grammar, the vague reason for directing users to log in, and the appearance of the message coming from University “administration.” Dr. Barron and the rest of the President’s office will leave such messages to IT staff.

Phish from 5/12/2016 at 4:18 p.m.

From: administration@psu.edu
To: “Recipients” <administration@psu.edu>
Sent: Thursday, May 12, 2016 4:18:34 PM
Subject: Penn State: Review of all accounts

Notification:

To ensure that you have better security
We have a strict review process on your account
All updates completed will take effects within 24 hours

Log in (<- link goes to a forged Penn State WebAccess login page)

Administration

The Pennsylvania State University ยท Copyright 2016